7.5 - GLSA-201805-02

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	Python: Buffer overflow

Informations
Name	GLSA-201805-02	First vendor Publication	2018-05-02
Vendor	Gentoo	Last vendor Modification	2018-05-02
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

A buffer overflow in Python might allow remote attackers to execute arbitrary code.

Background

Python is an interpreted, interactive, object-oriented programming language.

Description

A buffer overflow was discovered in Python's PyString_DecodeEscape function in stringobject.c.

Impact

Remote attackers, by enticing a user to process a specially crafted file, could execute arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All Python 2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-2.7.14:2.7"

References

[ 1 ] CVE-2017-1000158 : https://nvd.nist.gov/vuln/detail/CVE-2017-1000158

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201805-02

Original Source

Url : http://security.gentoo.org/glsa/glsa-201805-02.xml

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-190	Integer Overflow or Wraparound (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type	Description	Count
Application	Python cpe:2.3:a:python:python:3.5.4:-:::::: cpe:2.3:a:python:python:3.5.4:rc1:::::: cpe:2.3:a:python:python:3.5.3:-:::::: cpe:2.3:a:python:python:3.5.3:rc1:::::: cpe:2.3:a:python:python:3.5.2:-:::::: cpe:2.3:a:python:python:3.5.2:rc1:::::: cpe:2.3:a:python:python:3.5.1:-:::::: cpe:2.3:a:python:python:3.5.1:rc1:::::: cpe:2.3:a:python:python:3.5.0:-:::::: cpe:2.3:a:python:python:3.5.0:alpha1:::::: cpe:2.3:a:python:python:3.5.0:alpha2:::::: cpe:2.3:a:python:python:3.5.0:alpha3:::::: cpe:2.3:a:python:python:3.5.0:alpha4:::::: cpe:2.3:a:python:python:3.5.0:beta1:::::: cpe:2.3:a:python:python:3.5.0:beta2:::::: cpe:2.3:a:python:python:3.5.0:beta3:::::: cpe:2.3:a:python:python:3.5.0:beta4:::::: cpe:2.3:a:python:python:3.5.0:rc1:::::: cpe:2.3:a:python:python:3.5.0:rc2:::::: cpe:2.3:a:python:python:3.5.0:rc3:::::: cpe:2.3:a:python:python:3.5.0:rc4:::::: cpe:2.3:a:python:python:3.4.9:-:::::: cpe:2.3:a:python:python:3.4.9:rc1:::::: cpe:2.3:a:python:python:3.4.8:-:::::: cpe:2.3:a:python:python:3.4.8:rc1:::::: cpe:2.3:a:python:python:3.4.7:-:::::: cpe:2.3:a:python:python:3.4.7:rc1:::::: cpe:2.3:a:python:python:3.4.6:-:::::: cpe:2.3:a:python:python:3.4.6:rc1:::::: cpe:2.3:a:python:python:3.4.5:-:::::: cpe:2.3:a:python:python:3.4.5:rc1:::::: cpe:2.3:a:python:python:3.4.4:-:::::: cpe:2.3:a:python:python:3.4.4:rc1:::::: cpe:2.3:a:python:python:3.4.3:-:::::: cpe:2.3:a:python:python:3.4.3:rc1:::::: cpe:2.3:a:python:python:3.4.2:-:::::: cpe:2.3:a:python:python:3.4.2:rc1:::::: cpe:2.3:a:python:python:3.4.10:-:::::: cpe:2.3:a:python:python:3.4.10:rc1:::::: cpe:2.3:a:python:python:3.4.1:-:::::: cpe:2.3:a:python:python:3.4.1:rc1:::::: cpe:2.3:a:python:python:3.4.0:-:::::: cpe:2.3:a:python:python:3.4.0:alpha1:::::: cpe:2.3:a:python:python:3.4.0:alpha2:::::: cpe:2.3:a:python:python:3.4.0:alpha3:::::: cpe:2.3:a:python:python:3.4.0:alpha4:::::: cpe:2.3:a:python:python:3.4.0:beta1:::::: cpe:2.3:a:python:python:3.4.0:beta2:::::: cpe:2.3:a:python:python:3.4.0:beta3:::::: cpe:2.3:a:python:python:3.4.0:rc1:::::: cpe:2.3:a:python:python:3.4.0:rc2:::::: cpe:2.3:a:python:python:3.4.0:rc3:::::: cpe:2.3:a:python:python:3.4:alpha1:::::: cpe:2.3:a:python:python:3.3.7:-:::::: cpe:2.3:a:python:python:3.3.7:rc1:::::: cpe:2.3:a:python:python:3.3.6:rc1:::::: cpe:2.3:a:python:python:3.3.6:-:::::: cpe:2.3:a:python:python:3.3.5:rc2:::::: cpe:2.3:a:python:python:3.3.5:-:::::: cpe:2.3:a:python:python:3.3.5:rc1:::::: cpe:2.3:a:python:python:3.3.4:rc1:::::: cpe:2.3:a:python:python:3.3.4:-:::::: cpe:2.3:a:python:python:3.3.3:rc1:::::: cpe:2.3:a:python:python:3.3.3:rc2:::::: cpe:2.3:a:python:python:3.3.3:-:::::: cpe:2.3:a:python:python:3.3.2:::::::* cpe:2.3:a:python:python:3.3.1:rc1:::::: cpe:2.3:a:python:python:3.3.1:-:::::: cpe:2.3:a:python:python:3.3.0:-:::::: cpe:2.3:a:python:python:3.3.0:alpha1:::::: cpe:2.3:a:python:python:3.3.0:alpha2:::::: cpe:2.3:a:python:python:3.3.0:alpha3:::::: cpe:2.3:a:python:python:3.3.0:alpha4:::::: cpe:2.3:a:python:python:3.3.0:beta1:::::: cpe:2.3:a:python:python:3.3.0:beta2:::::: cpe:2.3:a:python:python:3.3.0:rc1:::::: cpe:2.3:a:python:python:3.3.0:rc2:::::: cpe:2.3:a:python:python:3.3.0:rc3:::::: cpe:2.3:a:python:python:3.3:beta2:::::: cpe:2.3:a:python:python:3.3:::::::* cpe:2.3:a:python:python:3.2.6:-:::::: cpe:2.3:a:python:python:3.2.6:rc1:::::: cpe:2.3:a:python:python:3.2.5:::::::* cpe:2.3:a:python:python:3.2.4:-:::::: cpe:2.3:a:python:python:3.2.4:rc1:::::: cpe:2.3:a:python:python:3.2.3:-:::::: cpe:2.3:a:python:python:3.2.3:rc1:::::: cpe:2.3:a:python:python:3.2.3:rc2:::::: cpe:2.3:a:python:python:3.2.2150:::::::* cpe:2.3:a:python:python:3.2.2:-:::::: cpe:2.3:a:python:python:3.2.2:rc1:::::: cpe:2.3:a:python:python:3.2.1:-:::::: cpe:2.3:a:python:python:3.2.1:beta1:::::: cpe:2.3:a:python:python:3.2.1:rc1:::::: cpe:2.3:a:python:python:3.2.1:rc2:::::: cpe:2.3:a:python:python:3.2.0:::::::* cpe:2.3:a:python:python:3.2:alpha:::::: cpe:2.3:a:python:python:3.2:-:::::: cpe:2.3:a:python:python:3.2:alpha1:::::: cpe:2.3:a:python:python:3.2:alpha2:::::: cpe:2.3:a:python:python:3.2:alpha3:::::: cpe:2.3:a:python:python:3.2:alpha4:::::: cpe:2.3:a:python:python:3.2:beta1:::::: cpe:2.3:a:python:python:3.2:beta2:::::: cpe:2.3:a:python:python:3.2:rc1:::::: cpe:2.3:a:python:python:3.2:rc2:::::: cpe:2.3:a:python:python:3.2:rc3:::::: cpe:2.3:a:python:python:3.1.5:-:::::: cpe:2.3:a:python:python:3.1.5:rc1:::::: cpe:2.3:a:python:python:3.1.5:rc2:::::: cpe:2.3:a:python:python:3.1.4:-:::::: cpe:2.3:a:python:python:3.1.4:rc1:::::: cpe:2.3:a:python:python:3.1.3:-:::::: cpe:2.3:a:python:python:3.1.3:rc1:::::: cpe:2.3:a:python:python:3.1.2150::::::x64: cpe:2.3:a:python:python:3.1.2:-:::::: cpe:2.3:a:python:python:3.1.2:rc1:::::: cpe:2.3:a:python:python:3.1.1:-:::::: cpe:2.3:a:python:python:3.1.1:rc1:::::: cpe:2.3:a:python:python:3.1.0:::::::* cpe:2.3:a:python:python:3.1:-:::::: cpe:2.3:a:python:python:3.1:alpha1:::::: cpe:2.3:a:python:python:3.1:alpha2:::::: cpe:2.3:a:python:python:3.1:beta1:::::: cpe:2.3:a:python:python:3.1:rc1:::::: cpe:2.3:a:python:python:3.1:rc2:::::: cpe:2.3:a:python:python:3.0.1:::::::* cpe:2.3:a:python:python:3.0.0:::::::* cpe:2.3:a:python:python:3.0:-:::::: cpe:2.3:a:python:python:3.0:alpha1:::::: cpe:2.3:a:python:python:3.0:alpha2:::::: cpe:2.3:a:python:python:3.0:alpha3:::::: cpe:2.3:a:python:python:3.0:alpha4:::::: cpe:2.3:a:python:python:3.0:alpha5:::::: cpe:2.3:a:python:python:3.0:beta1:::::: cpe:2.3:a:python:python:3.0:beta2:::::: cpe:2.3:a:python:python:3.0:beta3:::::: cpe:2.3:a:python:python:3.0:rc1:::::: cpe:2.3:a:python:python:3.0:rc2:::::: cpe:2.3:a:python:python:3.0:rc3:::::: cpe:2.3:a:python:python:2.7.9:-:::::: cpe:2.3:a:python:python:2.7.9:rc1:::::: cpe:2.3:a:python:python:2.7.8:::::::* cpe:2.3:a:python:python:2.7.7:-:::::: cpe:2.3:a:python:python:2.7.7:rc1:::::: cpe:2.3:a:python:python:2.7.6:-:::::: cpe:2.3:a:python:python:2.7.6:rc1:::::: cpe:2.3:a:python:python:2.7.5:::::::* cpe:2.3:a:python:python:2.7.4:-:::::: cpe:2.3:a:python:python:2.7.4:rc1:::::: cpe:2.3:a:python:python:2.7.3:-:::::: cpe:2.3:a:python:python:2.7.3:rc1:::::: cpe:2.3:a:python:python:2.7.3:rc2:::::: cpe:2.3:a:python:python:2.7.2150:::::::* cpe:2.3:a:python:python:2.7.2:rc1:::::: cpe:2.3:a:python:python:2.7.2:-:::::: cpe:2.3:a:python:python:2.7.16:-:::::: cpe:2.3:a:python:python:2.7.16:rc1:::::: cpe:2.3:a:python:python:2.7.16:::::::* cpe:2.3:a:python:python:2.7.15:-:::::: cpe:2.3:a:python:python:2.7.15:rc1:::::: cpe:2.3:a:python:python:2.7.14:-:::::: cpe:2.3:a:python:python:2.7.14:rc1:::::: cpe:2.3:a:python:python:2.7.13:-:::::: cpe:2.3:a:python:python:2.7.13:rc1:::::: cpe:2.3:a:python:python:2.7.12:-:::::: cpe:2.3:a:python:python:2.7.12:rc1:::::: cpe:2.3:a:python:python:2.7.1150:::::::* cpe:2.3:a:python:python:2.7.1150::::::x64: cpe:2.3:a:python:python:2.7.11:-:::::: cpe:2.3:a:python:python:2.7.11:rc1:::::: cpe:2.3:a:python:python:2.7.10:-:::::: cpe:2.3:a:python:python:2.7.10:rc1:::::: cpe:2.3:a:python:python:2.7.1:-:::::: cpe:2.3:a:python:python:2.7.1:rc1:::::: cpe:2.3:a:python:python:2.7.0:::::::* cpe:2.3:a:python:python:2.6.9:::::::* cpe:2.3:a:python:python:2.6.8:::::::* cpe:2.3:a:python:python:2.6.7:::::::* cpe:2.3:a:python:python:2.6.6150:::::::* cpe:2.3:a:python:python:2.6.6:::::::* cpe:2.3:a:python:python:2.6.5:::::::* cpe:2.3:a:python:python:2.6.4:::::::* cpe:2.3:a:python:python:2.6.3:::::::* cpe:2.3:a:python:python:2.6.2150:::::::* cpe:2.3:a:python:python:2.6.2:::::::* cpe:2.3:a:python:python:2.6.1:::::::* cpe:2.3:a:python:python:2.6.0:::::::* cpe:2.3:a:python:python:2.5.6:::::::* cpe:2.3:a:python:python:2.5.5:::::::* cpe:2.3:a:python:python:2.5.4:::::::* cpe:2.3:a:python:python:2.5.3:::::::* cpe:2.3:a:python:python:2.5.2:::::::* cpe:2.3:a:python:python:2.5.150:::::::* cpe:2.3:a:python:python:2.5.1:::::::* cpe:2.3:a:python:python:2.5.0:::::::* cpe:2.3:a:python:python:2.4.6:::::::* cpe:2.3:a:python:python:2.4.5:::::::* cpe:2.3:a:python:python:2.4.4:::::::* cpe:2.3:a:python:python:2.4.3:::::::* cpe:2.3:a:python:python:2.4.2:::::::* cpe:2.3:a:python:python:2.4.1:::::::* cpe:2.3:a:python:python:2.4.0:::::::* cpe:2.3:a:python:python:2.3.7:::::::* cpe:2.3:a:python:python:2.3.6:::::::* cpe:2.3:a:python:python:2.3.5:::::::* cpe:2.3:a:python:python:2.3.4:::::::* cpe:2.3:a:python:python:2.3.3:::::::* cpe:2.3:a:python:python:2.3.2:::::::* cpe:2.3:a:python:python:2.3.1:::::::* cpe:2.3:a:python:python:2.3.0:::::::* cpe:2.3:a:python:python:2.2.3:::::::* cpe:2.3:a:python:python:2.2.2:::::::* cpe:2.3:a:python:python:2.2.1:::::::* cpe:2.3:a:python:python:2.2.0:::::::* cpe:2.3:a:python:python:2.2:::::::* cpe:2.3:a:python:python:2.1.3:::::::* cpe:2.3:a:python:python:2.1.2:::::::* cpe:2.3:a:python:python:2.1.1:::::::* cpe:2.3:a:python:python:2.1:::::::* cpe:2.3:a:python:python:2.0.1:::::::* cpe:2.3:a:python:python:2.0:::::::* cpe:2.3:a:python:python:1.6.1:::::::* cpe:2.3:a:python:python:1.6:::::::* cpe:2.3:a:python:python:1.5.2:::::::* cpe:2.3:a:python:python:1.3:::::::* cpe:2.3:a:python:python:1.2:::::::* cpe:2.3:a:python:python:0.9.1:::::::* cpe:2.3:a:python:python:0.9.0:::::::* cpe:2.3:a:python:python:::::::: cpe:2.3:a:python:python:-:::::::*	231
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:9.0:::::::* cpe:2.3:o:debian:debian_linux:8.0:::::::* cpe:2.3:o:debian:debian_linux:7.0:::::::*	3

Nessus® Vulnerability Scanner

Date	Description
2018-10-01	Name : The remote Debian host is missing a security-related update. File : debian_DSA-4307.nasl - Type : ACT_GATHER_INFO
2018-09-27	Name : The remote Debian host is missing a security update. File : debian_DLA-1520.nasl - Type : ACT_GATHER_INFO
2018-09-27	Name : The remote Debian host is missing a security update. File : debian_DLA-1519.nasl - Type : ACT_GATHER_INFO
2018-08-17	Name : The remote PhotonOS host is missing multiple security updates. File : PhotonOS_PHSA-2017-0052.nasl - Type : ACT_GATHER_INFO
2018-08-17	Name : The remote PhotonOS host is missing multiple security updates. File : PhotonOS_PHSA-2017-0051.nasl - Type : ACT_GATHER_INFO
2018-05-03	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201805-02.nasl - Type : ACT_GATHER_INFO
2018-02-12	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_0fe70bcd2ce346c9a64b4a7da097db07.nasl - Type : ACT_GATHER_INFO
2018-02-09	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2018-945.nasl - Type : ACT_GATHER_INFO
2018-01-19	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2018-943.nasl - Type : ACT_GATHER_INFO
2018-01-15	Name : The remote Fedora host is missing a security update. File : fedora_2017-677069c484.nasl - Type : ACT_GATHER_INFO
2018-01-15	Name : The remote Fedora host is missing a security update. File : fedora_2017-a41f6a8078.nasl - Type : ACT_GATHER_INFO
2018-01-15	Name : The remote Fedora host is missing a security update. File : fedora_2017-99d12bf610.nasl - Type : ACT_GATHER_INFO
2018-01-15	Name : The remote Fedora host is missing a security update. File : fedora_2017-2e5a17c4cc.nasl - Type : ACT_GATHER_INFO
2018-01-04	Name : The remote Fedora host is missing a security update. File : fedora_2017-7fe2c4bc0e.nasl - Type : ACT_GATHER_INFO
2017-12-20	Name : The remote Fedora host is missing a security update. File : fedora_2017-e0abe14016.nasl - Type : ACT_GATHER_INFO
2017-12-20	Name : The remote Fedora host is missing a security update. File : fedora_2017-cf8c62747a.nasl - Type : ACT_GATHER_INFO
2017-12-19	Name : The remote Fedora host is missing a security update. File : fedora_2017-2d441a1d98.nasl - Type : ACT_GATHER_INFO
2017-12-18	Name : The remote EulerOS host is missing a security update. File : EulerOS_SA-2017-1335.nasl - Type : ACT_GATHER_INFO
2017-12-18	Name : The remote EulerOS host is missing a security update. File : EulerOS_SA-2017-1334.nasl - Type : ACT_GATHER_INFO
2017-12-05	Name : The remote Fedora host is missing a security update. File : fedora_2017-6be762ea64.nasl - Type : ACT_GATHER_INFO
2017-11-29	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-3496-3.nasl - Type : ACT_GATHER_INFO
2017-11-29	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-3496-1.nasl - Type : ACT_GATHER_INFO
2017-11-27	Name : The remote Debian host is missing a security update. File : debian_DLA-1189.nasl - Type : ACT_GATHER_INFO
2017-11-27	Name : The remote Debian host is missing a security update. File : debian_DLA-1190.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2018-05-03 05:17:20	First insertion

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	234
Nessus® Exploit(s)	24

	Related
9.8	CVE-2017-1000158
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

7.5 - GLSA-201805-02

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU